4 * Copyright (c) 2008-2011 Pacman Development Team <pacman-dev@archlinux.org>
6 * This program is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License as published by
8 * the Free Software Foundation; either version 2 of the License, or
9 * (at your option) any later version.
11 * This program is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 * GNU General Public License for more details.
16 * You should have received a copy of the GNU General Public License
17 * along with this program. If not, see <http://www.gnu.org/licenses/>.
27 #include <locale.h> /* setlocale() */
41 #define CHECK_ERR(void) do { \
42 if(gpg_err_code(err) != GPG_ERR_NO_ERROR) { goto error; } \
45 static const char *string_validity(gpgme_validity_t validity
)
48 case GPGME_VALIDITY_UNKNOWN
:
50 case GPGME_VALIDITY_UNDEFINED
:
52 case GPGME_VALIDITY_NEVER
:
54 case GPGME_VALIDITY_MARGINAL
:
56 case GPGME_VALIDITY_FULL
:
58 case GPGME_VALIDITY_ULTIMATE
:
64 static void sigsum_test_bit(gpgme_sigsum_t sigsum
, alpm_list_t
**summary
,
65 gpgme_sigsum_t bit
, const char *value
)
68 *summary
= alpm_list_add(*summary
, (void *)value
);
72 static alpm_list_t
*list_sigsum(gpgme_sigsum_t sigsum
)
74 alpm_list_t
*summary
= NULL
;
75 /* The docs say this can be a bitmask...not sure I believe it, but we'll code
76 * for it anyway and show all possible flags in the returned string. */
78 /* The signature is fully valid. */
79 sigsum_test_bit(sigsum
, &summary
, GPGME_SIGSUM_VALID
, "valid");
80 /* The signature is good. */
81 sigsum_test_bit(sigsum
, &summary
, GPGME_SIGSUM_GREEN
, "green");
82 /* The signature is bad. */
83 sigsum_test_bit(sigsum
, &summary
, GPGME_SIGSUM_RED
, "red");
84 /* One key has been revoked. */
85 sigsum_test_bit(sigsum
, &summary
, GPGME_SIGSUM_KEY_REVOKED
, "key revoked");
86 /* One key has expired. */
87 sigsum_test_bit(sigsum
, &summary
, GPGME_SIGSUM_KEY_EXPIRED
, "key expired");
88 /* The signature has expired. */
89 sigsum_test_bit(sigsum
, &summary
, GPGME_SIGSUM_SIG_EXPIRED
, "sig expired");
90 /* Can't verify: key missing. */
91 sigsum_test_bit(sigsum
, &summary
, GPGME_SIGSUM_KEY_MISSING
, "key missing");
92 /* CRL not available. */
93 sigsum_test_bit(sigsum
, &summary
, GPGME_SIGSUM_CRL_MISSING
, "crl missing");
94 /* Available CRL is too old. */
95 sigsum_test_bit(sigsum
, &summary
, GPGME_SIGSUM_CRL_TOO_OLD
, "crl too old");
96 /* A policy was not met. */
97 sigsum_test_bit(sigsum
, &summary
, GPGME_SIGSUM_BAD_POLICY
, "bad policy");
98 /* A system error occured. */
99 sigsum_test_bit(sigsum
, &summary
, GPGME_SIGSUM_SYS_ERROR
, "sys error");
102 summary
= alpm_list_add(summary
, (void *)"(empty)");
107 static int init_gpgme(alpm_handle_t
*handle
)
110 const char *version
, *sigdir
;
112 gpgme_engine_info_t enginfo
;
115 /* we already successfully initialized the library */
119 sigdir
= handle
->gpgdir
;
121 if (_alpm_access(handle
, sigdir
, "pubring.gpg", R_OK
)
122 || _alpm_access(handle
, sigdir
, "trustdb.gpg", R_OK
)) {
123 handle
->pm_errno
= ALPM_ERR_NOT_A_FILE
;
124 _alpm_log(handle
, ALPM_LOG_DEBUG
, "Signature verification will fail!\n");
127 /* calling gpgme_check_version() returns the current version and runs
128 * some internal library setup code */
129 version
= gpgme_check_version(NULL
);
130 _alpm_log(handle
, ALPM_LOG_DEBUG
, "GPGME version: %s\n", version
);
131 gpgme_set_locale(NULL
, LC_CTYPE
, setlocale(LC_CTYPE
, NULL
));
133 gpgme_set_locale(NULL
, LC_MESSAGES
, setlocale(LC_MESSAGES
, NULL
));
136 * The GPGME library installs a SIGPIPE signal handler automatically if
137 * the default signal hander is in use. The only time we set a handler
138 * for SIGPIPE is in dload.c, and we reset it when we are done. Given that
139 * we do this, we can let GPGME do its automagic. However, if we install
140 * a library-wide SIGPIPE handler, we will have to be careful.
143 /* check for OpenPGP support (should be a no-brainer, but be safe) */
144 err
= gpgme_engine_check_version(GPGME_PROTOCOL_OpenPGP
);
147 /* set and check engine information */
148 err
= gpgme_set_engine_info(GPGME_PROTOCOL_OpenPGP
, NULL
, sigdir
);
150 err
= gpgme_get_engine_info(&enginfo
);
152 _alpm_log(handle
, ALPM_LOG_DEBUG
, "GPGME engine info: file=%s, home=%s\n",
153 enginfo
->file_name
, enginfo
->home_dir
);
159 _alpm_log(handle
, ALPM_LOG_ERROR
, _("GPGME error: %s\n"), gpgme_strerror(err
));
160 RET_ERR(handle
, ALPM_ERR_GPGME
, 1);
164 * Decode a loaded signature in base64 form.
165 * @param base64_data the signature to attempt to decode
166 * @param data the decoded data; must be freed by the caller
167 * @param data_len the length of the returned data
168 * @return 0 on success, 1 on failure to properly decode
170 static int decode_signature(const char *base64_data
,
171 unsigned char **data
, size_t *data_len
) {
172 size_t len
= strlen(base64_data
);
173 unsigned char *usline
= (unsigned char *)base64_data
;
174 /* reasonable allocation of expected length is 3/4 of encoded length */
175 size_t destlen
= len
* 3 / 4;
176 MALLOC(*data
, destlen
, goto error
);
177 if(base64_decode(*data
, &destlen
, usline
, len
)) {
191 * Check the PGP signature for the given file path.
192 * If base64_sig is provided, it will be used as the signature data after
193 * decoding. If base64_sig is NULL, expect a signature file next to path
196 * The return value will be 0 if nothing abnormal happened during the signature
197 * check, and -1 if an error occurred while checking signatures or if a
198 * signature could not be found; pm_errno will be set. Note that "abnormal"
199 * does not include a failed signature; the value in #siglist should be checked
200 * to determine if the signature(s) are good.
201 * @param handle the context handle
202 * @param path the full path to a file
203 * @param base64_sig optional PGP signature data in base64 encoding
204 * @param siglist a pointer to storage for signature results
205 * @return 0 in normal cases, -1 if the something failed in the check process
207 int _alpm_gpgme_checksig(alpm_handle_t
*handle
, const char *path
,
208 const char *base64_sig
, alpm_siglist_t
*siglist
)
210 int ret
= -1, sigcount
;
213 gpgme_data_t filedata
, sigdata
;
214 gpgme_verify_result_t verify_result
;
215 gpgme_signature_t gpgsig
;
216 char *sigpath
= NULL
;
217 unsigned char *decoded_sigdata
= NULL
;
218 FILE *file
= NULL
, *sigfile
= NULL
;
220 if(!path
|| _alpm_access(handle
, NULL
, path
, R_OK
) != 0) {
221 RET_ERR(handle
, ALPM_ERR_NOT_A_FILE
, -1);
225 RET_ERR(handle
, ALPM_ERR_WRONG_ARGS
, -1);
230 sigpath
= _alpm_sigpath(handle
, path
);
231 /* this will just help debugging */
232 _alpm_access(handle
, NULL
, sigpath
, R_OK
);
235 if(init_gpgme(handle
)) {
236 /* pm_errno was set in gpgme_init() */
240 _alpm_log(handle
, ALPM_LOG_DEBUG
, "checking signature for %s\n", path
);
242 memset(&ctx
, 0, sizeof(ctx
));
243 memset(&sigdata
, 0, sizeof(sigdata
));
244 memset(&filedata
, 0, sizeof(filedata
));
246 err
= gpgme_new(&ctx
);
249 /* create our necessary data objects to verify the signature */
250 file
= fopen(path
, "rb");
252 handle
->pm_errno
= ALPM_ERR_NOT_A_FILE
;
255 err
= gpgme_data_new_from_stream(&filedata
, file
);
258 /* next create data object for the signature */
260 /* memory-based, we loaded it from a sync DB */
262 int decode_ret
= decode_signature(base64_sig
,
263 &decoded_sigdata
, &data_len
);
265 handle
->pm_errno
= ALPM_ERR_SIG_INVALID
;
268 err
= gpgme_data_new_from_mem(&sigdata
,
269 (char *)decoded_sigdata
, data_len
, 0);
271 /* file-based, it is on disk */
272 sigfile
= fopen(sigpath
, "rb");
273 if(sigfile
== NULL
) {
274 _alpm_log(handle
, ALPM_LOG_DEBUG
, "sig path %s could not be opened\n",
276 handle
->pm_errno
= ALPM_ERR_SIG_MISSING
;
279 err
= gpgme_data_new_from_stream(&sigdata
, sigfile
);
283 /* here's where the magic happens */
284 err
= gpgme_op_verify(ctx
, sigdata
, filedata
, NULL
);
286 verify_result
= gpgme_op_verify_result(ctx
);
288 if(!verify_result
|| !verify_result
->signatures
) {
289 _alpm_log(handle
, ALPM_LOG_DEBUG
, "no signatures returned\n");
290 handle
->pm_errno
= ALPM_ERR_SIG_MISSING
;
293 for(gpgsig
= verify_result
->signatures
, sigcount
= 0;
294 gpgsig
; gpgsig
= gpgsig
->next
, sigcount
++);
295 _alpm_log(handle
, ALPM_LOG_DEBUG
, "%d signatures returned\n", sigcount
);
297 CALLOC(siglist
->results
, sigcount
, sizeof(alpm_sigresult_t
),
298 handle
->pm_errno
= ALPM_ERR_MEMORY
; goto error
);
299 siglist
->count
= sigcount
;
301 for(gpgsig
= verify_result
->signatures
, sigcount
= 0; gpgsig
;
302 gpgsig
= gpgsig
->next
, sigcount
++) {
303 alpm_list_t
*summary_list
, *summary
;
304 alpm_sigstatus_t status
;
305 alpm_sigvalidity_t validity
;
307 alpm_sigresult_t
*result
;
309 _alpm_log(handle
, ALPM_LOG_DEBUG
, "fingerprint: %s\n", gpgsig
->fpr
);
310 summary_list
= list_sigsum(gpgsig
->summary
);
311 for(summary
= summary_list
; summary
; summary
= summary
->next
) {
312 _alpm_log(handle
, ALPM_LOG_DEBUG
, "summary: %s\n", (const char *)summary
->data
);
314 alpm_list_free(summary_list
);
315 _alpm_log(handle
, ALPM_LOG_DEBUG
, "status: %s\n", gpgme_strerror(gpgsig
->status
));
316 _alpm_log(handle
, ALPM_LOG_DEBUG
, "timestamp: %lu\n", gpgsig
->timestamp
);
317 _alpm_log(handle
, ALPM_LOG_DEBUG
, "exp_timestamp: %lu\n", gpgsig
->exp_timestamp
);
318 _alpm_log(handle
, ALPM_LOG_DEBUG
, "validity: %s; reason: %s\n",
319 string_validity(gpgsig
->validity
),
320 gpgme_strerror(gpgsig
->validity_reason
));
322 result
= siglist
->results
+ sigcount
;
323 err
= gpgme_get_key(ctx
, gpgsig
->fpr
, &key
, 0);
324 if(gpg_err_code(err
) == GPG_ERR_EOF
) {
325 _alpm_log(handle
, ALPM_LOG_DEBUG
, "key lookup failed, unknown key\n");
326 err
= GPG_ERR_NO_ERROR
;
327 /* we dupe the fpr in this case since we have no key to point at */
328 STRDUP(result
->key
.fingerprint
, gpgsig
->fpr
,
329 handle
->pm_errno
= ALPM_ERR_MEMORY
; goto error
);
333 result
->key
.data
= key
;
334 result
->key
.fingerprint
= key
->subkeys
->fpr
;
335 result
->key
.uid
= key
->uids
->uid
;
336 result
->key
.name
= key
->uids
->name
;
337 result
->key
.email
= key
->uids
->email
;
338 result
->key
.created
= key
->subkeys
->timestamp
;
339 result
->key
.expires
= key
->subkeys
->expires
;
340 _alpm_log(handle
, ALPM_LOG_DEBUG
, "key: %s, %s, owner_trust %s\n",
341 key
->subkeys
->fpr
, key
->uids
->uid
, string_validity(key
->owner_trust
));
345 switch(gpg_err_code(gpgsig
->status
)) {
347 case GPG_ERR_NO_ERROR
:
348 status
= ALPM_SIGSTATUS_VALID
;
350 case GPG_ERR_KEY_EXPIRED
:
351 status
= ALPM_SIGSTATUS_KEY_EXPIRED
;
354 case GPG_ERR_SIG_EXPIRED
:
355 status
= ALPM_SIGSTATUS_SIG_EXPIRED
;
357 case GPG_ERR_NO_PUBKEY
:
358 status
= ALPM_SIGSTATUS_KEY_UNKNOWN
;
360 case GPG_ERR_BAD_SIGNATURE
:
362 status
= ALPM_SIGSTATUS_INVALID
;
366 switch(gpgsig
->validity
) {
367 case GPGME_VALIDITY_ULTIMATE
:
368 case GPGME_VALIDITY_FULL
:
369 validity
= ALPM_SIGVALIDITY_FULL
;
371 case GPGME_VALIDITY_MARGINAL
:
372 validity
= ALPM_SIGVALIDITY_MARGINAL
;
374 case GPGME_VALIDITY_NEVER
:
375 validity
= ALPM_SIGVALIDITY_NEVER
;
377 case GPGME_VALIDITY_UNKNOWN
:
378 case GPGME_VALIDITY_UNDEFINED
:
380 validity
= ALPM_SIGVALIDITY_UNKNOWN
;
384 result
->status
= status
;
385 result
->validity
= validity
;
391 gpgme_data_release(sigdata
);
392 gpgme_data_release(filedata
);
401 FREE(decoded_sigdata
);
402 if(gpg_err_code(err
) != GPG_ERR_NO_ERROR
) {
403 _alpm_log(handle
, ALPM_LOG_ERROR
, _("GPGME error: %s\n"), gpgme_strerror(err
));
404 RET_ERR(handle
, ALPM_ERR_GPGME
, -1);
409 int _alpm_gpgme_checksig(alpm_handle_t UNUSED
*handle
, const char UNUSED
*path
,
410 const char UNUSED
*base64_sig
, alpm_sigresult_t UNUSED
*result
)
417 * Form a signature path given a file path.
418 * Caller must free the result.
419 * @param handle the context handle
420 * @param path the full path to a file
421 * @return the path with '.sig' appended, NULL on errors
423 char *_alpm_sigpath(alpm_handle_t
*handle
, const char *path
)
431 len
= strlen(path
) + 5;
432 CALLOC(sigpath
, len
, sizeof(char), RET_ERR(handle
, ALPM_ERR_MEMORY
, NULL
));
433 sprintf(sigpath
, "%s.sig", path
);
437 int _alpm_check_pgp_helper(alpm_handle_t
*handle
, const char *path
,
438 const char *base64_sig
, int optional
, int marginal
, int unknown
)
440 alpm_siglist_t siglist
;
443 memset(&siglist
, 0, sizeof(alpm_siglist_t
));
445 _alpm_log(handle
, ALPM_LOG_DEBUG
, "checking signatures for %s\n", path
);
446 ret
= _alpm_gpgme_checksig(handle
, path
, base64_sig
, &siglist
);
447 if(ret
&& handle
->pm_errno
== ALPM_ERR_SIG_MISSING
) {
449 _alpm_log(handle
, ALPM_LOG_DEBUG
, "missing optional signature\n");
450 handle
->pm_errno
= 0;
453 _alpm_log(handle
, ALPM_LOG_DEBUG
, "missing required signature\n");
454 /* ret will already be -1 */
457 _alpm_log(handle
, ALPM_LOG_DEBUG
, "signature check failed\n");
458 /* ret will already be -1 */
461 for(num
= 0; !ret
&& num
< siglist
.count
; num
++) {
462 switch(siglist
.results
[num
].status
) {
463 case ALPM_SIGSTATUS_VALID
:
464 case ALPM_SIGSTATUS_KEY_EXPIRED
:
465 _alpm_log(handle
, ALPM_LOG_DEBUG
, "signature is valid\n");
466 switch(siglist
.results
[num
].validity
) {
467 case ALPM_SIGVALIDITY_FULL
:
468 _alpm_log(handle
, ALPM_LOG_DEBUG
, "signature is fully trusted\n");
470 case ALPM_SIGVALIDITY_MARGINAL
:
471 _alpm_log(handle
, ALPM_LOG_DEBUG
, "signature is marginal trust\n");
476 case ALPM_SIGVALIDITY_UNKNOWN
:
477 _alpm_log(handle
, ALPM_LOG_DEBUG
, "signature is unknown trust\n");
482 case ALPM_SIGVALIDITY_NEVER
:
483 _alpm_log(handle
, ALPM_LOG_DEBUG
, "signature should never be trusted\n");
488 case ALPM_SIGSTATUS_SIG_EXPIRED
:
489 case ALPM_SIGSTATUS_KEY_UNKNOWN
:
490 case ALPM_SIGSTATUS_INVALID
:
491 _alpm_log(handle
, ALPM_LOG_DEBUG
, "signature is not valid\n");
498 alpm_siglist_cleanup(&siglist
);
503 * Check the PGP signature for the given package file.
504 * @param pkg the package to check
505 * @return a int value : 0 (valid), 1 (invalid), -1 (an error occurred)
507 int SYMEXPORT
alpm_pkg_check_pgp_signature(alpm_pkg_t
*pkg
,
508 alpm_siglist_t
*siglist
)
510 ASSERT(pkg
!= NULL
, return -1);
511 ASSERT(siglist
!= NULL
, RET_ERR(pkg
->handle
, ALPM_ERR_WRONG_ARGS
, -1));
512 pkg
->handle
->pm_errno
= 0;
514 return _alpm_gpgme_checksig(pkg
->handle
, alpm_pkg_get_filename(pkg
),
515 pkg
->base64_sig
, siglist
);
519 * Check the PGP signature for the given database.
520 * @param db the database to check
521 * @return a int value : 0 (valid), 1 (invalid), -1 (an error occurred)
523 int SYMEXPORT
alpm_db_check_pgp_signature(alpm_db_t
*db
,
524 alpm_siglist_t
*siglist
)
526 ASSERT(db
!= NULL
, return -1);
527 ASSERT(siglist
!= NULL
, RET_ERR(db
->handle
, ALPM_ERR_WRONG_ARGS
, -1));
528 db
->handle
->pm_errno
= 0;
530 return _alpm_gpgme_checksig(db
->handle
, _alpm_db_path(db
), NULL
, siglist
);
533 int SYMEXPORT
alpm_siglist_cleanup(alpm_siglist_t
*siglist
)
535 ASSERT(siglist
!= NULL
, return -1);
537 for(num
= 0; num
< siglist
->count
; num
++) {
538 alpm_sigresult_t
*result
= siglist
->results
+ num
;
539 if(result
->key
.data
) {
540 gpgme_key_unref(result
->key
.data
);
542 free(result
->key
.fingerprint
);
545 FREE(siglist
->results
);
550 /* vim: set ts=2 sw=2 noet: */